CVE Catalog

CVE-2026-8025

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.03%

9th percentile — higher than 9% of all known CVEs

Summary

CVE-2026-8025 describes an improper neutralization of special elements used in SQL commands, leading to SQL Injection vulnerability in the CBS Platform by MOSK Information Technologies Ltd.

Risk Assessment

An attacker could exploit this vulnerability to gain unauthorized access to the database, potentially leading to exposure or modification of sensitive data.

Recommendation

It is recommended to avoid using the vulnerable CBS platform and to migrate to a supported version or an alternative solution.

Original NVD description (English source)

Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in MOSK Information Technologies Ltd. CBS Platform allows SQL Injection. This issue affects CBS Platform: through 09062026.  NOTE: The vendor was contacted and it was learned that the product is not supported.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS